 sj |
||
|
||
Tech: Password stealing malware scan updated
|
|
|
|||||||
|
Tech: Password stealing malware scan updated |
Share Thread
|
||||||
|
Subject: RE: Tech: Password stealing malware scan updated From: JohnInKansas Date: 01 Oct 11 - 06:53 PM The rate at which new threats appear makes it rather difficult for all of the AV producers to keep up with everything. Someone has to identify that a new threat has appeared. Frequently the one who finds the new threat may offer a "signature" that identifies the presence of the threat, but quite often the first signature produces "false positives," identifying other (non-threatening) things as being infections. The signatures require lots of work to reconstruct a signature that's highly accurate in identifying a specific threat while giving a minimal number of false hits. There are NO PROGRAMS that can detect all known infections, and there are NO PROGRAMS that don't occasionally "find" false identifications. Most of the better AV programs now use "behavioral" detections, abandoning the "if it contains these bits it's viral" methods of earlier (and simpler) times for much of their detection, and using newer methods based on "if it does this" it's probably viral. This slightly increases the likelihood of "false positives" in all cases, and can greatly increase those odds when "nonstandard" programing techniques are included in a program or in page code. There has been a rush, among developers, to incorporate "new features" in web sites and browsers, many of which are not subject to any formally adopted standard. Most browsers now claim to be using HTML5, which has been "issued for review" but is NOT A STANDARD and is still subject to changes and "addition of new properties." Some browsers are using "new properties" that exist only in the mind of the one person who wrote the code. A few people claim to be using HTML6 that, so far as the Committee is concerned does not (officially) exist except as a "theoretical possibility." "Experimental" features of CSS frequently appear. XHTML is a "proposed" language that's only vaguely defined in preliminary form and IS NOT STANDARDIZED other than as "recommended practices" that are mostly ignored. Chrome has been one of the "leaders(?)" in attempting to use advanced (and non-standard) codings in order to offer features not available in other browsers, making it very likely that "false positive" viral indentifications will result if the "feature" uses code that "does something" that AV programs don't expect. Microsoft has used more XML/XHTML features (some undocumented? and none really "standardized") that are "poorly recognized" by other browsers. There truly is a "browser war" in process, but most of the recent activity has been directed at providing a "new experience" to the devotees of the "palm devices" and such, which unfortunately has corrupted much of the web for users of conventional (old fashioned) real computers. There are conflicts between the various browsers, but they appear to be mostly "accidental." It's very difficult to make your browser do something others don't do without using methods the others don't use, and conflicts are inevitable even if you have the best of intentions. John |
|
Subject: RE: Tech: Password stealing malware scan updated From: Stilly River Sage Date: 01 Oct 11 - 05:30 PM Today I updated the MS Forefront in a little used Dell with WinXP and the program didn't like one of the device drivers for the View Sonic monitor used with it. It ranked that a "medium" threat and I told it to quarantine the thing, I'm not going to fight over that driver, though I may have to reinstall it later if it seems necessary. MS seems to have gotten a bad batch of "threats" in the mix this time. SRS |
|
Subject: RE: Tech: Password stealing malware scan updated From: Stilly River Sage Date: 01 Oct 11 - 11:26 AM I think you nailed it, Phil. If I'd had the time yesterday I'd have searched for an answer (Bleeping Computers usually has these answers pretty quickly also). A co-worker responded that the Chrome-beta program works okay with Microsoft, it's the last fully-rendered version of Chrome that got killed off. SRS |
|
Subject: RE: Tech: Password stealing malware scan updated From: Newport Boy Date: 01 Oct 11 - 07:35 AM I'm just an observer (rarely using Windows these days) but it looks from this report that the problem was entirely Microsoft's. Phil |
|
Subject: RE: Tech: Password stealing malware scan updated From: Geoff the Duck Date: 01 Oct 11 - 04:20 AM The situation is not helped is not helped by microsoft's track record of deliberately modifying Windows to cripple other companies' programmes, leaving users with no option than to buy a very expensive Microsoft one that doesn't do the job anywhere near as well. Google currently seem to be the people poised to topple Microsoft's commercial domination of computing. If I were a conspiracy theorist, I might wonder if Gates's Babies were launching a campaign to destabilise the enemy. Quack! GtD. |
|
Subject: RE: Tech: Password stealing malware scan updated From: Stilly River Sage Date: 30 Sep 11 - 05:46 PM John, I think in this instance Forefront (an enterprise software application used by all of the computers on campus and recommended for use at home so we don't take viruses back to work with us) mis-identified a bit in Chrome. It wouldn't let a clean copy of Chrome install, kept blocking it, because of a part of it. I don't just run Forefront, I update and regularly run several programs to keep that kind of stuff out. I use WinPatrol to keep an eye on ANYTHING that tries to write to the registry. That's the only reason it's there (though it is useful for several other tidying applications, like cleaning crap out of the start menu that installs itself there.) SRS |
|
Subject: RE: Tech: Password stealing malware scan updated From: GUEST,.gargoyle Date: 30 Sep 11 - 04:58 PM Looks like a return of the great "Internet Browser Wars" of 1995.
The BEST "password locker" - is your own personal brain (mnemonic mind catagories) - or if that is failing (or seldom used) - notes scribbled in a physical (NON-hex/dec) log book with graphite or ink.
For over a decade - I have advocated:
Sincerely, It is a fluffy fold of sheep, ripe for shearing. I'll take two of the black 47. (it should NOT be the place of govt to protect "id jets" against themselves.) If you enrolled in Calculus but never had Algebra ... |
|
Subject: RE: Tech: Password stealing malware scan updated From: JohnInKansas Date: 30 Sep 11 - 03:13 PM The incorrect detection signature merely means that the bot may have been on your machine for a while without being detected. When the corrected signature was downloaded, the bot was detected and removed. The removal (or disabling) of your Chrome browser most likely means that the bot was invasively embedded into Chrome. That you did not find registry entries is not particularly good evidence of anything, as the page you linked indicates that the bot "hides its registry entries," although that page does not give any information about how they're hidden. Also, the removal of the bot may have already cleared them, before the scan identified the bot and gave you the clue that you should look for them. Although Forefront has individual computer versions available, it's intended for use as a complete system on business networks, where IT support people require the ability to remotely manage multiple kinds of antimalware programs on many machines. Unless your computer is on a business network where that kind of remote administration is necessary, it may not be a "better program" for an individual computer, since the remote management capability is just one more way for someone to hack into your machine(?) in the absence of "higher level network protections" that are part of Forefront server packages.(?) If your machine was, in fact, infected with this bot, you need to change all of your passwords anyway, since one of it's identified purposes is to steal passwords from "password lockers." You have no way of knowing whether it was successful before it was removed, so they all should be changed. John |
|
Subject: RE: Tech: Password stealing malware scan updated From: Stilly River Sage Date: 30 Sep 11 - 02:53 PM Part two. Microsoft seems to be detecting a regular part of the Chrome program and blocking the reinstallation of the program. I'm going to have to block that part of my antivirus software and hope that there isn't a real virus with the same filename/footprint. I suspect I'm not the only multi-browser user who will encounter this problem. SRS |
|
Subject: RE: Tech: Password stealing malware scan updated From: GUEST,999 Date: 30 Sep 11 - 02:50 PM I wrote a letter to the geniuses who wrote the code for Chrome. I have many screens that open half size. They know about it and despiote that millions of users are POed about it, they do NOTHING. Of course, they haven't written back. This sounds like something the same set of geniuses would do. I'm getting real fed up with Google Chrome, real fast. |
|
Subject: Tech: Password stealing malware scan updated From: Stilly River Sage Date: 30 Sep 11 - 02:20 PM Some of my browsers stopped working at noon after a scan by my Microsoft Forefront security program. The gist of the message was that it detected a piece of malware called PWS:Win32/Zbot. Apparently Microsoft had identified this and scanned for it in the past but was scanning for it wrong, the detection formula was incorrect. I think. Here's a page about this bot that doesn't include a mea culpa but it apparently is implied. It scanned the computer, blocked the file, and part of the "fix" was to uninstall my Chrome browser application. I scanned for a couple of the file names and don't find them in my system, so they evidently didn't make it into the registry. I don't know if it was active or simply lodged somewhere, or if this deleted a harmless file with a similar name. Anyone else get this kind of search result? I find it particularly annoying because I have been updating my passwords to be more secure, and it looks like I'll have to go update them all. SRS |
| Share Thread: |